METHOD AND APPARATUS FOR 
SECURING THE PRIVACY OF A COMPUTER NETWORK 

BACKGROUND OF THE INVENTION 

The present invention is generally related to the field of computer networks and 
more particularly, is directed to a method and apparatus for secure access to a computer 
network and for safeguarding the confidentiality and privacy of data stored and 
distributed by the network. 

The widespread use of computers and the emergence of the Internet have led to a 
revolution in data collection, storage and distribution. (Herein, the terms "data" and 
"information" are used interchangeably). Today, most organizations could not conduct 
their affairs without the aid of computerized information systems which help to collect, 
process, and distribute information. Such systems are taken for granted as a necessity for 
conducting business on even a modest scale. 

Prior to the advent of personal computers and computer networks, most 
information was collected manually and stored in hard copy form in physical file 
drawers. Because there were usually no more than one or two copies of each document, 
their location and safeguarding were easy to control. Even when mainframe computers 
became available, the information had to be collected manually and in many cases 
manually entered into the computer as well. The labor intensive nature of the process 
necessarily limited the amount of information that was collected and entered into the 
computer. 

Access to the stored information also was limited. The information could only be 
retrieved by outputting to an associated terminal unit, printer and/or magnetic tape drive. 
Security of the information usually was not an issue as the entire computer infrastructure 
was under the control of the business owner. Security resulted from a limited number of 
trusted employees having the skill set needed to gain access to information stored on the 
mainframe computer and by in-house mainframes typically not being networked with 
outside computers. Thus, a company's physical infrastructure, the limited number of 
employees with the requisite skill set and the lack of networking with other computers 
provided the ultimate firewall. Accordingly, the likelihood that the computer could be 
"hacked" from the outside was greatly reduced and the company and its customers felt 
secure from unauthorized access to company records. 

Today, the situation is much different. The relationship that most customers have, 
for example, with their bank allows the customer online access to his or her banking 
records. In most cases the customer can transfer funds from one account to another, 
including the accounts of a third party. Both the customer and the bank benefit from this 
relationship. The customer can bank at a time that is convenient for him or her and the 
bank has the opportunity to collect a service fee with almost no human intervention. The 
third beneficiaries to this relationship are those who wish to engage in mischief, fraud 
and theft by gaining unauthorized access to the records of bank customers and initiating 
transactions for their own benefit. 

Because computer technology has been developed to the point that it can be 
readily understood, the skill set required to engage in mischievous conduct is low and can 
be easily acquired. It is the unintended beneficiaries of online relationships who engage 
in such conduct that require that attention be paid to computers and network security. 
While the advantages of conducting business transactions that involve 
confidential and private information online are many, these advantages give rise to many 
security challenges. The challenges are two-fold. The first challenge is to deny entry to 
those who are not authorized to gain access to the system. The second challenge is in 
maintaining the privacy of user information once it has been collected and stored in the 
system. While neither of these challenges are new, they have been greatly aggravated and 
made more difficult by the number of people and commercial establishments who now 
use online systems and the amount of data that these systems collect and store. The 
opportunity to engage in mischief by unscrupulous computer users has risen at a 
corresponding rate. 

Unlike in the past when collecting and entering information into a computer 
system was very labor intensive and thus the volume of information was low, today there 
are many fast and efficient ways in which the information can be collected and entered. 
Modern computer systems are replete with user friendly forms that information providers 
can fill out themselves and not have to rely on company computer operators to complete. 
Thus, the bottleneck of information collection and entry that existed in the past has been 
eliminated in large measure. This has led to more information being collected and stored 
from many more people. 

In addition, modern computers and computer networks can be programmed to 
automatically collect information about users, sometimes without their knowledge. For 
example, the log files in a web server maintain a record of what websites were visited by 
a web surfer, the time and date, the Internet Protocol address of the computer being used, 
and in some cases, user identities and passwords. Many people consider this information 
confidential and private. 

The concern with protecting the confidentiality and privacy of online information 
in today's world is evident from the actions being taken or planned by most governments 
of developed countries. For example, in the United States, there are national laws that 
regulate the use and collection of personal data by financial institutions and government 
agencies. In addition, the United States enacted legislation entitled the Health Insurance 
Portability and Accountability Act of 1996 which took effect on August 21, 1996. The act 
is intended to improve the efficiency and effectiveness of the U.S. health care system by 
facilitating the electronic exchange of information in the health care industry. The Act 
recognized the challenges to confidentiality of health related information and included 
specific provisions for its confidentiality and privacy. 

In Europe, the European Union Privacy Directive went into effect on October 25, 
1998. This Directive, also known as the EU Data Protection Directive, requires that each 
EU member state enact legislation to protect personal data. According to the Directive, 
personal data policies must require, among other things, that: 
- Data be processed fairly; 
- Data be collected and possessed for specified, legitimate purposes and be kept no longer than necessary to fulfill the stated purpose for which the data was collected; 
- Data be accurate and up to date; and 
- Authorized users of personal data must not transfer that data to third parties without the permission of the individual providing the data. Personal data can only be transferred across national borders when the receiving country has an adequate level of protection for the data. 

The Directive also requires that the person about whom the data concerns be 
given adequate notice of activity regarding the data. The notice must include the identity 
of the party collecting or using the data; the purpose for which the data may be used; and 
such other information as is necessary to ensure that the processing of the data is "fair" 
to the individual. 

The implications and practical difficulty of implementing the EU Directive are 
great and go beyond the boundaries of the 15 European Union countries. As the Directive 
requires that no personal data can be transferred across borders unless the receiving country 
has an adequate level of protection for the data, the effect of the Directive has 
international dimensions. Moreover, compliance with the notice requirement mentioned 
above will be difficult to achieve using conventional methods given an increasingly 
global market place, which by its nature, knows no international boundaries. 

While attempts have been made to address the security needs of computers and 
computer networks with respect to preventing unauthorized access and misuse of 
confidential information, these attempts increasingly fall short of what is needed to fully 
address the problem. Unlike in the past, most mainframe computer systems are now 
networked to other computers that are outside of the control of the mainframe owner. The 
natural firewall that existed in the past is no longer present today. Also, the skill level 
required to operate and access information stored in these computers, while still high 
compared to prior standards, is easily within reach of most who wish to acquire the skill. 
Moreover, the number of people who are computer savvy beyond just a casual knowledge 
of how to use a computer continues to grow. In addition, criminal enterprises naturally 
move to targets of opportunity whenever they arise. Online confidential and proprietary 
information represent such targets. 

E-mail, for example, has become one of the most prevalent means for 
communicating information within and across organizations. Thus, the need for securing 
and validating that only authorized users can access their own e-mail accounts becomes 
mission critical in many situations. The security of e-mail messages is particularly 
problematic due to the propensity that many e-mail users have to send copies to multiple 
recipients. Thus, not only must the originator of the e-mail be validated for access, the 
universe of recipients must be as well. 

Thus, approaches to computer and network security that were sufficient in the 
past are no longer equal to the challenge that today's security risks present. Accordingly, 
there is a need in the art for a more effective solution. 
SUMMARY OF THE INVENTION 

Accordingly, it is the overall objective of the present invention to provide a 
method and apparatus for overcoming the above noted deficiencies in the security of 
computers and computer networks. 

It is a specific objective of the present invention to provide a method and 
apparatus for overcoming the above noted deficiencies in the security of computers and 
computer networks that is more effective than those presently known in the art. 
It is another objective of the present invention to provide a method and apparatus 
for overcoming the above noted deficiencies in the security of computers and computer 
networks which can be implemented in a cost effective manner. 

It is a still further objective of the present invention to provide a method and 
apparatus for overcoming the above noted deficiencies in the security of computers and 
computer networks which can be used with prior art networks. 

It is another objective of the present invention to provide a method and apparatus 
for overcoming the above noted deficiencies in the security of computers and computer 
networks which can be easily implemented. 
BRIEF DESCRIPTION OF THE DRAWINGS 

The present invention may be more completely understood in consideration of the 
following detailed description of various embodiments of the invention in connection 
with the accompanying drawings, in which: 

Figure 1 is a diagram illustrating the general architecture of the present invention; 

Figure 2 is a flow chart illustrating the notification of a data subject in accordance 
with the present invention; and 

Figure 3 is a block diagram of one embodiment of a security module in 
accordance with the present invention. 
DESCRIPTION OF THE PREFERRED EMBODIMENT 

Figure 1 is a diagram of one embodiment of a network infrastructure which can be 
used to achieve the notification requirements of the EU Directive in accordance with the 
present invention. NOC 1 (Network Operations Center) is an ultra secure FIPS 
complaints data communications gateway located, for example, in Northern Virginia. 
NOC 1 provides point-to-point secure socket layer encryption, intrusion detection, 
non-repudiation protocols and securely maintains complete electronic communications 
transaction logs. NOC 1 also generates a challenge/answer password and unique user 
identification for inclusion in the notification letter that is physically sent to the EU data 
subject, i.e., the person whose personal data is at issue. The password and user ID can be 
used by the data subject with network access to log onto a secure privacy response web 
portal for "OPT IN", "OPT OUT" and data correction purposes. 

Privacy Notification and Call Center 2 located, for example, in Fargo, North 
Dakota, is at the heart of the EU privacy Directive compliance system in accordance with 
the present invention. All privacy notification forms are securely electronically forwarded 
via NOC 1 to the Privacy Notification Center for human and electronic processing. Each 
form is logged utilizing well known A.C.I.D. transaction procedures. The information is 
then transformed into privacy notification letters in both English and the language of the 
EU data subject's country mailing address. Notification letters are securely 
electronically forwarded to a Central Office 3 for posting via standard mail to the EU 
data subject's mailing address. All EU data subjects' electronic responses are securely 
returned electronically to the notification center. All postal responses are returned to and 
electronically transformed by the Central Office and forwarded to the notification center 
which in turn notifies the member client that the proper notification letter has been sent 
and that they are now to take the legally required compliance action based on the data 
subject's specific response to the letter or that were obtained from the data subject via the 
privacy non repudiation web portal. 
A Processing Center 4, for example in Brussels, securely receives the electronic 
notification letter, logs its receipt, prints the letter and posts to the EU data subject's EU 
mailing address. Included in each notification letter is a self return EU stamped privacy 
action response card which provides the EU data subject the opportunity to "OPT IN" or 
"OPT OUT" or request that category information be corrected by the member client. Also 
included in the privacy notification letter is the EU data subject's unique ID and 
password to access the secure privacy non repudiation web portal of the present invention 
in order to electronically respond if they so desire. All physical response cards are 
returned to the EU office and transformed into electronic form and forwarded to the 
privacy processing center in North Dakota. 

The EU data subject receives the privacy notification letter at his or her EU 
mailing address. Non deliverable notification letters are returned to the Processing Center 4 
and so logged in the A.C.I.D. transactions database. He or she completes the self 
mailer privacy action card and returns it to Processing Center 4 or in the alternative logs 
onto the secure privacy notification response web portal utilizing their unique user ID and 
password supplied in the notification letter. Non responses that were neither physically 
nor electronically received are reported and logged at the privacy processing center for 
A.C.I.D. data base inclusion. 

Accordingly, the present invention provides an efficient method for those 
companies that are subject to the EU Directive to comply with its notification 
requirement and the safeguarding of personal information. Figure 2 is a flow chart 
illustrating the operation of the notification method in accordance with the present 
invention. 
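The notification workflow of Figures 1 and 2 can be illustrated as a small program. The following is an added example, not code from the application: each privacy notification form is logged in one ACID transaction, the NOC-generated unique user ID and challenge/answer password are returned for inclusion in the letter while only a salted hash is stored, and the data subject's response is recorded either from the postal card transformed by the Processing Center or through the web portal once the password has been checked. sqlite3 stands in for the A.C.I.D. transaction database; the table layout, status names, channel names and sample subjects are constructed for the example.

```python
"""Notification workflow: atomic logging of forms, credential generation for the
letter, and response capture by post or portal (added example, stdlib only)."""
import hashlib
import hmac
import secrets
import sqlite3

VALID_RESPONSES = {"OPT IN", "OPT OUT", "CORRECT"}   # the three choices on the card
PBKDF2_ROUNDS = 50_000


def open_database():
    """In-memory database; a deployment would use a durable, replicated store."""
    con = sqlite3.connect(":memory:")
    con.execute("""CREATE TABLE notification (
        user_id      TEXT PRIMARY KEY,
        client       TEXT NOT NULL,
        subject_name TEXT NOT NULL,
        country      TEXT NOT NULL,
        pw_salt      BLOB NOT NULL,
        pw_hash      BLOB NOT NULL,
        status       TEXT NOT NULL DEFAULT 'LETTER_SENT',
        response     TEXT,
        channel      TEXT)""")
    return con


def _hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def log_notification(con, client, subject_name, country):
    """Log a form atomically; return the (user_id, password) printed in the letter."""
    user_id = secrets.token_hex(6).upper()      # unique user identification
    password = secrets.token_urlsafe(9)         # challenge/answer password
    salt = secrets.token_bytes(16)
    with con:  # one transaction: commit on success, roll back on any error
        con.execute(
            "INSERT INTO notification (user_id, client, subject_name, country, pw_salt, pw_hash)"
            " VALUES (?, ?, ?, ?, ?, ?)",
            (user_id, client, subject_name, country, salt, _hash_password(password, salt)))
    return user_id, password


def _record_response(con, user_id, response, channel):
    """Accept exactly one response per letter that is still outstanding."""
    if response not in VALID_RESPONSES:
        return False
    with con:
        cur = con.execute(
            "UPDATE notification SET status = 'RESPONDED', response = ?, channel = ?"
            " WHERE user_id = ? AND status = 'LETTER_SENT'",
            (response, channel, user_id))
    return cur.rowcount == 1   # False if unknown, undeliverable or already answered


def portal_response(con, user_id, password, response):
    """Web portal path: the subject logs on with the ID and password from the letter."""
    row = con.execute("SELECT pw_salt, pw_hash FROM notification WHERE user_id = ?",
                      (user_id,)).fetchone()
    if row is None:
        return False
    salt, stored = row
    if not hmac.compare_digest(stored, _hash_password(password, salt)):
        return False
    return _record_response(con, user_id, response, "PORTAL")


def postal_response(con, user_id, response):
    """Postal path: the Processing Center keys in the returned response card."""
    return _record_response(con, user_id, response, "POSTAL")


def mark_undeliverable(con, user_id):
    """Non-deliverable letters are returned to the Processing Center and logged."""
    with con:
        cur = con.execute(
            "UPDATE notification SET status = 'UNDELIVERABLE'"
            " WHERE user_id = ? AND status = 'LETTER_SENT'", (user_id,))
    return cur.rowcount == 1


def compliance_actions(con, client):
    """Responses the member client must now act on: (user_id, response, channel)."""
    rows = con.execute(
        "SELECT user_id, response, channel FROM notification"
        " WHERE client = ? AND status = 'RESPONDED' ORDER BY user_id", (client,))
    return [tuple(r) for r in rows]


def non_responses(con, client):
    """Subjects from whom neither a card nor a portal response was received."""
    rows = con.execute(
        "SELECT user_id FROM notification WHERE client = ? AND status = 'LETTER_SENT'"
        " ORDER BY user_id", (client,))
    return [r[0] for r in rows]
```

The `status = 'LETTER_SENT'` guard in the UPDATE statements is what makes a second response, a response for an undeliverable letter, or a response for an unknown ID fall through as a no-op inside the same transaction, so the audit record can never hold two answers for one letter.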
The safeguarding of personal information in the manner mandated by the EU 
Directive does not address the issue of unauthorized access to computers and computer 
networks. 

In accordance with the present invention, a novel security module is provided to 
each user of the computer network. The module includes unique digital keys that are 
assigned to specific network users. In order to use the network, a user must insert his or 
her security module into a reader port attached to the network. Insertion of the module 
into the reader causes a secure message to be sent to a key validation server on the 
network. The server validates the digital key contained within the security module against 
a certificate authority. If validation is successful, the user is permitted to access the 
network to the level of authority granted to that particular user. The validation server 
might also require that the identity associated with the key be bound to a master key. 

The security module of the present invention may also be used to configure 
network architecture in a predetermined manner. For example, a user might be able to 
access certain network resources without use of the security module. When the module is 
used, additional resources would be made available to the user. In another example, 
certain security features of the network, such as encryption, could be enabled when the 
key is used. Encryption would be especially desirable in a wireless network. 
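The key-validation flow just described (insertion of the module, a secure message to the key validation server, validation against a certificate authority, optional master-key binding, and access to the level of authority granted) together with the tiered enabling of resources can be modelled in a few dozen lines. The following is an added example, not code from the application: HMAC-SHA256 stands in for the X.509/ECDSA signatures named later in the specification so that it runs on the standard library alone, and as a consequence the server holds a copy of each module's secret, which a real asymmetric deployment would not need. All keys, identifiers, access levels and resource names are constructed.

```python
"""Key validation for a security module: CA signature check, revocation check,
optional master-key binding, fresh-challenge check, then tiered resource access
(added example; HMAC stands in for X.509/ECDSA signatures)."""
import hashlib
import hmac
import json
import secrets

CA_SIGNING_KEY = b"constructed-ca-signing-key"   # would live in the CA's HSM
MASTER_KEY = b"constructed-master-key"           # for optional identity binding

# Cumulative resource tiers: level 0 is what a user reaches without the module.
RESOURCE_TIERS = {
    0: {"public-web"},
    1: {"file-share"},
    2: {"mail", "wireless-encryption"},
}


def sign(key, payload):
    """Keyed MAC standing in for a digital signature over 'payload'."""
    return hmac.new(key, payload, hashlib.sha256).hexdigest()


def canonical(record):
    return json.dumps(record, sort_keys=True).encode()


def issue_certificate(key_id, user_id, access_level, bind_to_master=False):
    """The CA binds a module key to a user identity and an access level."""
    body = {"key_id": key_id, "user_id": user_id, "access_level": access_level}
    if bind_to_master:
        body["master_binding"] = sign(MASTER_KEY, f"{key_id}:{user_id}".encode())
    return {"body": body, "ca_signature": sign(CA_SIGNING_KEY, canonical(body))}


class SecurityModule:
    """The token: holds its certificate and the secret used to answer challenges."""

    def __init__(self, certificate, module_secret):
        self.certificate = certificate
        self.module_secret = module_secret

    def answer_challenge(self, nonce):
        """Message sent to the server when the module is inserted in the reader."""
        return {"certificate": self.certificate, "nonce": nonce,
                "response": sign(self.module_secret, nonce.encode())}


class KeyValidationServer:
    def __init__(self, module_secrets, revoked=(), require_master_binding=False):
        self.module_secrets = module_secrets          # key_id -> module secret
        self.revoked = set(revoked)
        self.require_master_binding = require_master_binding
        self.outstanding = set()                      # nonces issued, not yet used

    def challenge(self):
        nonce = secrets.token_hex(16)
        self.outstanding.add(nonce)
        return nonce

    def validate(self, message):
        cert, body = message["certificate"], message["certificate"]["body"]
        # 1. The certificate must carry a valid signature from the CA.
        if not hmac.compare_digest(cert["ca_signature"], sign(CA_SIGNING_KEY, canonical(body))):
            return {"granted": False, "reason": "bad CA signature"}
        # 2. The key must not have been revoked.
        if body["key_id"] in self.revoked:
            return {"granted": False, "reason": "key revoked"}
        # 3. Optionally, the identity must be bound to the master key.
        if self.require_master_binding:
            expected = sign(MASTER_KEY, f"{body['key_id']}:{body['user_id']}".encode())
            if not hmac.compare_digest(body.get("master_binding", ""), expected):
                return {"granted": False, "reason": "identity not bound to master key"}
        # 4. The nonce must be one we issued and not already consumed (no replay).
        nonce = message["nonce"]
        if nonce not in self.outstanding:
            return {"granted": False, "reason": "unknown or replayed challenge"}
        self.outstanding.discard(nonce)   # one attempt per challenge
        # 5. The response must prove possession of the key named in the certificate.
        secret = self.module_secrets.get(body["key_id"])
        if secret is None or not hmac.compare_digest(message["response"], sign(secret, nonce.encode())):
            return {"granted": False, "reason": "challenge failed"}
        return {"granted": True, "user_id": body["user_id"], "access_level": body["access_level"]}


def resources_for(validation):
    """Resources open after validation; a failed validation leaves the user at level 0."""
    level = validation["access_level"] if validation["granted"] else 0
    return set().union(*(RESOURCE_TIERS[lvl] for lvl in range(level + 1)))
```

The order of the checks matters: the signature is verified before any field of the certificate is trusted, so a raised access level or a swapped user ID is caught before it can influence the revocation or binding lookups, and the nonce is consumed before the response is checked so a failed attempt cannot be retried against the same challenge.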

Figure 3 is a block diagram of one embodiment of a security module in 
accordance with the present invention. The module includes a microprocessor 30 for 
executing a stored computer program that controls the operation of the module, memory 
31 for storing computer program instructions and data, encryption/decryption module 32 
for encrypting and decrypting data generated and used by the module, digital keys 33, 
Input/Output Interface 34 to which Status LEDs 35 for the module are coupled along 
with Key Buttons 36 which can be activated by the user and Network Interface 37 which 
interfaces, for example, to a module reader device connected to the network. These 
elements individually are known in the art. They are arranged in a novel manner in Figure 
3 in accordance with the present invention. 

In yet another embodiment of the invention, non repudiation of authorized users 
and access controls to internal and external e-mail servers and user's electronic mailboxes 
could be enabled by binding the identity of the users to their specific physical key and 
utilizing said key as a trusted token for electronic entry, egress and logging audit trails 
from the email system(s). 

A number of encryption techniques may be used with the present invention. Such 
techniques include X.509 and RFC 2459 signature encryption. Also included as an 
encryption algorithm is an elliptic curve digital signature algorithm (ECDSA) and most 
specifically a Koblitz or anomalous binary curve. 

The present invention should not be considered limited to the particular 
examples described above, but rather should be understood to cover all aspects of the 
invention as fairly set out in the attached claims. Various modifications, equivalents 
processes, as well as numerous structures to which the present invention may be 
applicable will be readily apparent to those of skill in the art to which the present 
invention is directed upon review of the instant specification. 